pdfbox-dev mailing list archives

From Tilman Hausherr <THaush...@t-online.de>
Subject Re: Enhancement to CertInformationCollector
Date Sat, 02 Feb 2019 18:50:13 GMT
"altIssuerCert" is set each time in the loop. How do we make sure that 
it's the right one, i.e. the one at the beginning of the chain?

Tilman

On 01.02.2019 at 13:14, tobiaspetry@gmail.com wrote:
> In fact, the correct chain might not be found in the right order, so, there could be a try/catch block within the for loop:
>
> try (InputStream in = certUrl.openStream())
> {
>      Collection<? extends java.security.cert.Certificate> altIssuerCerts = certFactory.generateCertificates(in);
>      for (java.security.cert.Certificate c : altIssuerCerts) {
>          X509Certificate altIssuerCert = (X509Certificate) c;
>          addCertToCertificatesMap(altIssuerCert);
>
>          certInfo.alternativeCertChain = new CertSignatureInformation();
>          try {
>              traverseChain(altIssuerCert, certInfo.alternativeCertChain, maxDepth - 1);
>          } catch (IOException e) {
>              LOG.error("Error getting additional Certificate from " + certInfo.issuerUrl, e);
>          }
>      }
> }
>
> On 2019/01/31 16:43:20, Tilman Hausherr <THausherr@t-online.de> wrote:
>> Yes this sounds good, thanks. I'll add it soon.
>>
>> Tilman
>>
>> On 31.01.2019 at 14:27, Tobias Brignol Petry wrote:
>>> Hello,
>>>
>>> The current version of
>>> org.apache.pdfbox.examples.signature.validation.CertInformationCollector
>>> supports a single certificate as the alternative issuer.
>>> It could support chains also:
>>>
>>> ---------------------------
>>> Current code (lines 300-308):
>>> try (InputStream in = certUrl.openStream())
>>> {
>>>       X509Certificate altIssuerCert = (X509Certificate) certFactory
>>>               .generateCertificate(in);
>>>       addCertToCertificatesMap(altIssuerCert);
>>>
>>>       certInfo.alternativeCertChain = new CertSignatureInformation();
>>>       traverseChain(altIssuerCert, certInfo.alternativeCertChain, maxDepth - 1);
>>> }
>>> ------------------------------
>>> Proposed update:
>>> try (InputStream in = certUrl.openStream())
>>> {
>>>       Collection<? extends java.security.cert.Certificate> altIssuerCerts = certFactory.generateCertificates(in);
>>>       for (java.security.cert.Certificate c : altIssuerCerts) {
>>>           X509Certificate altIssuerCert = (X509Certificate) c;
>>>           addCertToCertificatesMap(altIssuerCert);
>>>
>>>           certInfo.alternativeCertChain = new CertSignatureInformation();
>>>           traverseChain(altIssuerCert, certInfo.alternativeCertChain, maxDepth - 1);
>>>       }
>>> }
>>> --------------------------
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
>> For additional commands, e-mail: dev-help@pdfbox.apache.org
>>
>>
>
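
One way to address the question of which downloaded certificate is the right one, as an added example that is not part of this thread or of PDFBox: pick from the collection the certificate whose subject name equals the signed certificate's issuer name and whose public key verifies its signature. The class name `AltIssuerSelector`, the method `findDirectIssuer` and the two file arguments are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

// Hypothetical helper, not PDFBox code.
public class AltIssuerSelector {

    // Returns the certificate in candidates that directly issued subject,
    // or null if none does. The order of the collection does not matter.
    static X509Certificate findDirectIssuer(X509Certificate subject,
            Collection<? extends Certificate> candidates) {
        for (Certificate c : candidates) {
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate candidate = (X509Certificate) c;
            // Cheap filter: the candidate's subject DN must equal the subject's issuer DN.
            if (!subject.getIssuerX500Principal().equals(candidate.getSubjectX500Principal())) {
                continue;
            }
            try {
                // A name match alone proves nothing; the candidate's key must
                // actually verify the signature on the subject certificate.
                subject.verify(candidate.getPublicKey());
                return candidate;
            } catch (GeneralSecurityException e) {
                // Same name but a different key: keep looking.
            }
        }
        return null;
    }

    // args[0]: the certificate being checked; args[1]: the downloaded bundle
    // (one or more certificates in a format CertificateFactory can parse).
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream certIn = Files.newInputStream(Paths.get(args[0]));
             InputStream bundleIn = Files.newInputStream(Paths.get(args[1]))) {
            X509Certificate subject = (X509Certificate) cf.generateCertificate(certIn);
            X509Certificate issuer = findDirectIssuer(subject, cf.generateCertificates(bundleIn));
            System.out.println(issuer == null ? "no direct issuer in bundle"
                    : issuer.getSubjectX500Principal());
        }
    }
}
```

Only the certificate this returns would be passed on as the alternative issuer; the remaining certificates in the bundle can still be added to the certificates map for later lookups.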



